LEAD2015_Auditor_Intro_to_Risk_Management.pdf

1. Lead 2015 Auditor - Risk Management approach 27 Lead 2015 Auditor - Risk Management approach I. Objectives II. Instructions III. Basic concepts of risk management IV. Understanding risk treatment V. Processes involved in risk management VI. Basic model of risk management VII. Risk management standards VIII. Self assessment 01

2. Lead 2015 Auditor - Risk Management approach 27 1. Objectives 02

3. Lead 2015 Auditor - Risk Management approach 27 Objectives 03 Objectives: Understand the basic concepts and principles of risk management. Understand processes involved in risk management Understand the basic model of risk management Understand risk treatment

4. Lead 2015 Auditor - Risk Management approach 27 2. Instructions 04

5. Lead 2015 Auditor - Risk Management approach 27 05 There are important details and comments voiced over in this course. Please enable sound, turn on volume and use headphones or computer loudspeaker. If you can’t hear the voice-over or a soft background music with this first page, then you need to change your set-up. To support a successful training, we strongly recommend you take notes during the course. Use your trainee booklet or download it and print it before taking the course The course is interactive and not necessarily linear, but all pages can be accessed directly when needed. The course is deemed completed once the last training page is reached. Instructions

6. Lead 2015 Auditor - Risk Management approach 27 3. Basic concepts of risk management 06

7. Lead 2015 Auditor - Risk Management approach 27 Basic concepts of risk management 07 ► Annex SL – High-level structure requirement: • Actions to address risks and opportunities ► Impact on auditors • Need to understand risk management concepts • Need to understand risk different methodologies for:  Risk analysis  Risk assessment  Risk treatment Risk-based thinking in management systems

8. Lead 2015 Auditor - Risk Management approach 27 Basic concepts of risk management 08 ► Fundamental concept of tolerable risk: • “Risk which is accepted in a given context based on the current values of the society” • “Risk that has been reduced to a level that can be endured by the organisation, having regard to its legal obligations and own risk management policy” Tolerable risk Unacceptable Tolerable Broadly acceptable Risk cannot be justified except in extraordinary circumstances Organization is prepared to accept risk in order to secure benefits Risk regarded as insignificant – Further efforts to reduce risk not required

9. Lead 2015 Auditor - Risk Management approach 27 Basic concepts of risk management 09 ► Risk source: • “Element which, alone or in combination, has the intrinsic potential to give rise to risk”. ► Hazard: • “Source of potential harm” Risk Source

10. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Basic concepts of risk management 10 ► Risk: • “Effect of uncertainty on objectives”. ► Uncertainty: • “State or condition that involves a deficiency of information” ► Risk is understood as: • “Combination of the likelihood and consequences of a specific hazardous event occurring” Risk

11. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Basic concepts of risk management 11 ► Likelihood = Probability • Likelihood is usually estimated on assumptions • Probability is more likely to be subject to calculations • Likelihood can be expressed qualitatively or quantitatively • Probability is usually expressed quantitatively ► Probability: • “Relation between the population of conducive events and all events” Likelihood or Probability PROBABILITY

12. Lead 2015 Auditor - Risk Management approach 27 4. Understanding risk treatment 12

13. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Understanding risk treatment 13 ► Risk treatment: • Process to modify risk • Manipulating of likelihood or consequences Risk Treatment ► Which are we more likely to be able to manipulate? Likelihood Consequences Click on one of the buttons to continue Of course, likelihood is more likely to be able to be manipulated, to limit consequences.

14. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Understanding risk treatment 14 ► Inherent risk: • “Risk that is inherently associated with a source of risk” ► Residual risk: • “Risk remaining after risk treatment” Inherent Risk and Residual Risk Click on one of the buttons to continue

15. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Understanding risk treatment 15 Risk Treatment ► Risk treatment: • “Process to modify risk” ► Treatment options: • Reduce the risk • Remove source of the risk • Modify the consequences • Change the probabilities • Share the risk with others • Retain the risk to pursue an opportunity

16. Lead 2015 Auditor - Risk Management approach 27 5. Processes involved in risk management 16

17. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Processes involved in risk risk assessment 17 Risk Assessment Process to identify, analyze and evaluate risks

18. Lead 2015 Auditor - Risk Management approach 27 Risk Identification Processes involved in risk risk assessment Risk identification is a process that involves finding, recognizing, and describing the risks that could affect the achievement of an organization’s objectives. It is used to identify possible sources of risk in addition to the events and circumstances that could affect the achievement of objectives. It also includes the identification of possible causes and potential consequences. The organization can use historical data, theoretical analysis, informed opinions, expert advice, and stakeholder input to identify its risks. 17

19. Lead 2015 Auditor - Risk Management approach 27 Risk Analysis Processes involved in risk risk assessment Risk analysis is a process that is used to understand the nature, sources and causes of the risks that the organization has identified and to estimate the level of risk. It is also used to study impacts and consequences and to examine the controls that currently exist. How detailed the organization’s risk analysis ought to be will depend upon the risk, the purpose of the analysis, the information they have and the resources available. 2 1 4 3 LIKELIHOOD IMPACT 17

20. Lead 2015 Auditor - Risk Management approach 27 Risk Evaluation Processes involved in risk risk assessment Risk evaluation is a process that is used to compare risk analysis results with risk criteria in order to determine whether or not a specified level of risk is acceptable or tolerable. 17

21. Lead 2015 Auditor - Risk Management approach 27 6. Basic model of risk management 18

22. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Basic model of risk management 19 Risk Management Process

23. Lead 2015 Auditor - Risk Management approach 27 7. Risk management standards 20

24. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Risk management standards 21 Available Risk Management Standards ► ISO 31000:2009 – Risk Management – Principles and guidelines ► ISO Guide 73:2009 – Risk management – Vocabulary ► ISO 31010:2009 – Risk management – Risk assessment techniques

25. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Tip for the auditor 22 Typical Flaws in Risk Management ► Focusing on spectacular risks ► Focusing only on core business processes

26. Lead 2015 Auditor - Risk Management approach 27 Self Assessment Now it's time to practice! Please work on the following exercises 23

LEAD2015_Auditor_Intro_to_Risk_Management.pdf

LEAD2015_Auditor_Intro_to_Risk_Management.pdf

Recommandé

Contenu connexe

Similaire à LEAD2015_Auditor_Intro_to_Risk_Management.pdf

Similaire à LEAD2015_Auditor_Intro_to_Risk_Management.pdf(20)

Dernier

Dernier(20)

LEAD2015_Auditor_Intro_to_Risk_Management.pdf